Internet of Things (IOT)
The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
A thing in the internet of things can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low or any other natural or man-made object that can be assigned an IP address and is able to transfer data over a network.
History of IoT
Kevin Ashton, co-founder of the Auto-ID Center at MIT, first mentioned the internet of things in a presentation he made to Procter & Gamble (P&G) in 1999. Wanting to bring radio frequency ID (RFID) to the attention of P&G’s senior management, Ashton called his presentation “Internet of Things” to incorporate the cool new trend of 1999: the internet.
The first internet appliance, for example, was a Coke machine at Carnegie Mellon University in the early 1980s. Using the web, programmers could check the status of the machine and determine whether there would be a cold drink awaiting them, should they decide to make the trip to the machine.
IoT evolved from machine-to-machine (M2M) communication, i.e., machines connecting to each other via a network without human interaction. M2M refers to connecting a device to the cloud, managing it and collecting data.
How IoT works?
An IoT ecosystem consists of web-enabled smart devices that use embedded processors, sensors and communication hardware to collect, send and act on data they acquire from their environments. IoT devices share the sensor data they collect by connecting to an IoT gateway or other edge device where data is either sent to the cloud to be analyzed or analyzed locally. Sometimes, these devices communicate with other related devices and act on the information they get from one another. The devices do most of the work without human intervention, although people can interact with the devices – for instance, to set them up, give them instructions or access the data.
The connectivity, networking and communication protocols used with these web-enabled devices largely depend on the specific IoT applications deployed.
Benefits of IoT
The internet of things offers a number of benefits to organizations, enabling them to:
- Monitor their overall business processes;
- Improve the customer experience;
- Save time and money;
- Enhance employee productivity;
- Integrate and adapt business models;
- Make better business decisions;
- Generate more revenue.
Consumer and enterprise IoT applications
There are numerous real-world applications of the internet of things, ranging from consumer IoT and enterprise IoT to manufacturing and industrial IoT (IoT). IoT applications span numerous verticals, including automotive, telecom, energy and more.
In the consumer segment, for example, smart homes that are equipped with smart thermostats, smart appliances and connected heating, lighting and electronic devices can be controlled remotely via computers, smart phones or other mobile devices.
Wearable devices with sensors and software can collect and analyze user data, sending messages to other technologies about the users with the aim of making users’ lives easier and more comfortable. Wearable devices are also used for public safety — for example, improving first responders’ response times during emergencies by providing optimized routes to a location or by tracking construction workers’ or firefighters’ vital signs at life-threatening sites.
Common Cyber Attacks in the IoT
Many types of attacks have been around for a very long time. What’s new is the scale and relative simplicity of attacks in the Internet of Things (IoT) – the millions of devices that are a potential victim to traditional style cyber attacks, but on a much larger scale and often with limited, if any protection. At its core, IoT is all about connecting and networking devices that up until now have not necessarily been connected. This means that all of those devices, whether it is your brand new connected refrigerator or your connected vehicle, are creating a new entry point to the network and therefore posing an increasing security and privacy risk.
A botnet is a network of systems combined together with the purpose of remotely taking control and distributing malware. Controlled by botnet operators via Command-and-Control-Servers (C&C Server), they are used by criminals on a grand scale for many things: stealing private information, exploiting online-banking data, DDos-attacks or for spam and phishing emails.
The man-in-the-middle-concept is where an attacker or hacker is looking to interrupt and breach communications between two separate systems. It can be a dangerous attack because it is one where the attacker secretly intercepts and transmits messages between two parties when they are under the belief that they are communicating directly with each other. As the attacker has the original communication, they can trick the recipient into thinking they are still getting a legitimate message. Many cases have already been reported within this threat area, cases of hacked vehicles and hacked “smart refrigerators”.
While the news is full of scary and unpredictable hackers accessing data and money with all types of impressive hacks, we are often also our own biggest security enemy. Careless safekeeping of internet connected devices (e.g. mobile phone, iPad, Kindle, smartwatch, etc.) are playing into the hands of malicious thieves and opportunistic finders.
IoT security and privacy issues
The internet of things connects billions of devices to the internet and involves the use of billions of data points, all of which need to be secured. Due to its expanded attack surface, IoT Security and IoT Privacy are cited as major concerns.
One of the most notorious recent IoT attacks was Mirai, a botnet that infiltrated domain name server provider Dyn and took down many websites for an extended period of time in one of the biggest distributed denial-of-service (DDoS) attacks ever seen. Attackers gained access to the network by exploiting poorly secured IoT devices.
Beyond leaking personal data, IoT poses a risk to critical infrastructure, including electricity, transportation and financial services.
Internet of Things Investigations
Any investigator will tell you that digital evidence is good as long as you can associate a user behind the information. The user profile created with the application, as well as the historical data from the device’s purchase record, could be used to strengthen the identity of the user of the wearable. Hypothetically, a gold mine of digital evidence, in this case, would be found in the legal collection of the iOS or Android device associated with the user.
Should an investigator have access to the app, it would be easy for him/her to identify your items’ last locations and potentially your current or last location. Other real-time GPS locators are also available in the form of a ring that will display text messages, phone numbers and contact names.
For an investigator, the ultimate properties of IoT devices are their interconnectivity and sometimes a distinctive connection to the Internet. To achieve this type of communication between IoT devices, an investigator will have to become familiar with the IFTTT (“If This Than That”) platform, which is a free web-based service allowing users to create chains of simple conditional statements called “recipes” that are small programming “IF” statements controlling your IOT devices.
Simple Steps To Protect Yourself From IoT Security Threats
One factor which is often overlooked by tech and gadget enthusiasts frothing at the mouth with excitement over the incoming surge of intelligent, connected home devices is security.
Ø Users should always change the default password on connected devices. Always, and with no exceptions.
Ø Read the terms and conditions. Yes, its painful, but these should help you understand what data is being collected and what therefore what threats might exist.
Ø This might sound like it defeats the purpose of a smart home… but think about how connected you need to be. The more devices you have connected, the more ways there are for hackers to get into your home.
Ø Keep the software updated on all your connected devices. It’s the only way to make sure the vendor is providing bug fixes. If your device hasn’t been updated in several months this could be a red flag – is the vendor still in business? Who is making sure the device is still secure?